OMB has announced a “federal risk and authorization management” program – FedRAMP — intended to reduce the duplicative efforts, inconsistencies and cost inefficiencies when assessing and authorizing cloud systems.
OMB said the federal government suffers from duplicative, inconsistent, time consuming, costly, and inefficient cloud security risk management approaches and that there is little incentive to leverage existing “authorizations to operate” among agencies.
The program is intended to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services through standardized security requirements and controls – and one that agencies will be required to use.
This template approach “will save cost, time, and staff required to conduct redundant agency security assessments so no one has to reinvent the wheel,” said federal CIO Steven VanRoekel,” adding that OMB expects savings in the 30 to 40 percent range for these activities when using the new program. More info here: www.FedRAMP.gov .
